magic auth issues

include/items.php

@@ -1783,7 +1783,7 @@ function item_store($arr,$allow_exec = false) {
 
 	// update the commented timestamp on the parent
 
-	$z = q("select max(commented) as commented from item where parent_mid = '%s' and uid = %d ",
+	$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d ",
 		dbesc($arr['parent_mid']),
 		intval($arr['uid'])
 	);

mod/magic.php

@@ -159,7 +159,7 @@ function magic_init(&$a) {
 		logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); 
 
 		goaway($target_url
-			. '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname()
+			. '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
 			. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION);
 	}
 

mod/post.php

@@ -55,7 +55,7 @@ function post_init(&$a) {
 
 			if(! $x) {
 				// finger them if they can't be found. 
-				$ret = zot_finger($addr,null);
+				$ret = zot_finger($address,null);
 				if($ret['success']) {
 					$j = json_decode($ret['body'],true);
 					if($j)
@@ -66,7 +66,7 @@ function post_init(&$a) {
 				}
 			}
 			if(! $x) {
-				logger('mod_zot: auth: unable to finger ' . $addr);
+				logger('mod_zot: auth: unable to finger ' . $address);
 				goaway($desturl);
 			}
 
@@ -131,7 +131,7 @@ function post_init(&$a) {
 				logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']);
 				q("update hubloc set hubloc_status =  (hubloc_status | %d ) where hubloc_addr = '%s'",
 					intval(HUBLOC_RECEIVE_ERROR),
-					$x[0][xchan_addr]
+					dbesc($x[0]['xchan_addr'])
 				);
 			}